<?php
require_once('include/inc_database.php');
require_once('include/inc_useraccount.php');
require_once('include/inc_reccomment.php');

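// Open DB connection.
$dbobj = new DatabaseObject();
$dbobj->OpenConnection();

$auth = new UserAccount();

// Identify the comment being edited. A form submission (POST) wins; when POST
// carries no usable recID, both values are read from the query string instead,
// so the pair always comes from the same request source. isset() guards avoid
// undefined-index notices on a plain GET.
$recID = isset($_POST['recID']) ? $_POST['recID'] : null;
$commentNumber = isset($_POST['commentNumber']) ? $_POST['commentNumber'] : null;
if (empty($recID)) {
	$recID = isset($_GET['recID']) ? $_GET['recID'] : null;
	$commentNumber = isset($_GET['commentNumber']) ? $_GET['commentNumber'] : null;
}

// Both identifiers are request-controlled and are reused further down this
// page in SQL, in a Location header and in HTML attributes. Accept only plain
// digit strings; anything else (arrays, markup, signs, whitespace) is treated
// exactly like a missing parameter.
if (!is_string($recID) || !ctype_digit($recID)) {
	$recID = null;
}
if (!is_string($commentNumber) || !ctype_digit($commentNumber)) {
	$commentNumber = null;
}

// NOTE(review): these queries are built by string concatenation and depend
// entirely on ValToSQL_num() (defined in an include not shown here) to
// neutralise its argument - confirm its behaviour, or move to prepared
// statements if DatabaseObject supports them.
// The trailing argument 1 presumably limits the result to one row - confirm.
$cmt_ar = $dbobj->GetResultsAsNestedArray(
	"SELECT * FROM mr_recComment WHERE recID = " . ValToSQL_num($recID)
	. " AND commentNumber = " . ValToSQL_num($commentNumber),
	1
);
// Null when no matching comment exists; code below must not assume a row.
$cmt_r = (is_array($cmt_ar) && isset($cmt_ar[0])) ? $cmt_ar[0] : null;

$rec_ar = $dbobj->GetResultsAsNestedArray(
	"SELECT * FROM mr_recommendation WHERE recID = " . ValToSQL_num($recID) . " ORDER BY recID DESC",
	1
);
$rec_r = (is_array($rec_ar) && isset($rec_ar[0])) ? $rec_ar[0] : null;

$cmt = new RecComment();
$cmt->InitFromFieldArray($cmt_r);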

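// Update the comment.
// Runs only for a POST from the edit form's "Update comment" button.
// NOTE(review): no anti-CSRF token is checked on this state-changing request;
// the hidden field and button value are the only gate. Add a per-session token
// check once the session mechanism behind UserAccount is confirmed.
if (isset($_POST['update_comment'], $_POST['submit_button'])
	&& $_POST['update_comment'] === 'on'
	&& $_POST['submit_button'] === 'Update comment') {

	// Authorisation: only the comment's author may edit it. Fail closed when
	// the comment row is missing or has no author. Otherwise an empty value on
	// both sides of the comparison could pass, depending on what
	// AuthenticatedUser() returns for an anonymous visitor (not visible here).
	$commentOwner = (is_array($cmt_r) && isset($cmt_r['username'])) ? $cmt_r['username'] : '';
	if ($commentOwner === '' || $commentOwner !== $auth->AuthenticatedUser()) {
		echo "<p>Not logged in.  Must log in to edit a comment.";
		exit();
	}

	$content = isset($_POST['content']) ? trim($_POST['content']) : '';

	// If we made it to here, update.
	// NOTE(review): relies on ValToSQL_str()/ValToSQL_num() (defined elsewhere)
	// to quote and escape their arguments - confirm.
	$dbobj->SendQuery(
		"UPDATE mr_recComment SET content = " . ValToSQL_str($content)
		. " WHERE recID = " . ValToSQL_num($recID)
		. " AND commentNumber = " . ValToSQL_num($commentNumber)
	);

	// recID comes from the request; encode it so it cannot add extra query
	// parameters or other characters to the redirect target.
	Header("Location: rec.php?recID=" . urlencode((string)$recID));
	exit;
}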


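// Delete the comment.
// Runs only for a POST from the edit form's "(Delete this comment)" button.
// NOTE(review): no anti-CSRF token is checked on this destructive request;
// the hidden field and button value are the only gate. Add a per-session token
// check once the session mechanism behind UserAccount is confirmed.
if (isset($_POST['update_comment'], $_POST['submit_button'])
	&& $_POST['update_comment'] === 'on'
	&& $_POST['submit_button'] === '(Delete this comment)') {

	// Authorisation: only the comment's author may delete it. Fail closed when
	// the comment row is missing or has no author. Otherwise an empty value on
	// both sides of the comparison could pass, depending on what
	// AuthenticatedUser() returns for an anonymous visitor (not visible here).
	$commentOwner = (is_array($cmt_r) && isset($cmt_r['username'])) ? $cmt_r['username'] : '';
	if ($commentOwner === '' || $commentOwner !== $auth->AuthenticatedUser()) {
		echo "<p>Not logged in.  Must log in to delete a comment.";
		exit();
	}

	$cmt->RemoveRecComment();

	// recID comes from the request; encode it so it cannot add extra query
	// parameters or other characters to the redirect target.
	Header("Location: rec.php?recID=" . urlencode((string)$recID));
	exit;
}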
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Comment edit</title>

<link rel="shortcut icon" href="images/favicon.gif" type="image/x-icon">
<meta name="viewport" content="width=700"/>

<style type="text/css">
	@import url('rec.css?<?=$CSS_VERSION?>');

</style>

<script type="text/javascript">

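	// Set to true by the delete button's onclick handler, which runs just
	// before the form's submit event.
	var prompt_comment_delete = false;

	/**
	 * onsubmit handler for the comment form.
	 *
	 * Asks for confirmation only when the submission was triggered by the
	 * delete button. This is a convenience prompt, not a control: the server
	 * decides whether the delete is allowed.
	 *
	 * @returns {boolean} false to cancel the submission, true to let it go.
	 */
	function VerifyForm() {
		var askBeforeDelete = prompt_comment_delete;
		// Clear the flag on every submit attempt. Without this, cancelling
		// the delete prompt left it set, and a later click on
		// "Update comment" showed the delete confirmation as well.
		prompt_comment_delete = false;

		if (askBeforeDelete) {
			return confirm('Delete this comment - Are you sure?');
		}
		return true;
	}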
</script>

</head>
<body>

<div id="main">

<h1 style="margin-bottom:10px;">
	<a href="./"><img src="images/logo02b.jpg" align="middle" border="0"/></a>
	Comment edit
</h1>


<form name="f" action="" method="post" onsubmit="return VerifyForm();">
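<?php /* recID and commentNumber originate from the request (POST or query
         string); escape them for a double-quoted attribute so a crafted value
         cannot close the attribute and inject markup into the page. */ ?>
<input type="hidden" name="update_comment" value="on">
<input type="hidden" name="recID" value="<?=htmlentities((string)$recID, ENT_QUOTES)?>">
<input type="hidden" name="commentNumber" value="<?=htmlentities((string)$commentNumber, ENT_QUOTES)?>">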


<table border="0">
<?if ($cmt_r['disabled']) {?>
	<tr>
	<td></td>
	<td style="font-weight:bold; color:#c00;">This comment has been disabled.</td>
	</tr>
<?}?>
<tr>
<td>Author:</td>
<td><?=htmlentities($cmt_r['username'])?></td>
</tr>
<tr>
<td>Comment:</td>
<td><textarea class="reviewform" name="content" rows="8" cols="60"><?=htmlentities($cmt_r['content'])?></textarea></td>
</tr>
<tr>
<td></td>
<td style="padding-top:10px;">
	<input type="submit" name="submit_button" value="Update comment">
	<input type="submit" name="submit_button" value="(Delete this comment)" onclick="prompt_comment_delete = true;">
</td>
</tr>
</table>


</form>

</div>

</body>
</html>
